Vietcombank issues new warning: accounts may be frozen in certain circumstances

Vietnam Joint Stock Commercial Bank for Industry and Trade (Vietcombank) has announced changes and updates to the terms and conditions for using electronic banking services for individuals and small businesses, effective from 20 April 2026. The update includes landmark security-oriented changes, notably standardizing biometric verification methods and imposing very strict rules on cases where the VCB Digibank service must be locked or revoked to protect users’ assets. Facepay verification tightening and risk of app lock when wrong code The most notable highlight is systematizing biometric transaction confirmations, especially Facepay and device biometrics. To activate and use Facepay, individual customers must possess a chip-based Citizen ID or hold a VNeID level-2 digital identity. The system will directly compare the user’s facial data against the original database to approve. Vietcombank applies extremely strict safeguards for these methods. If a user scans Facepay, enters a VCB-Smart OTP or digital signature incorrectly more times than allowed, the system will immediately lock access to the verification method to prevent fraud. Risk of losing account due to changing phone number or neglecting the app To eradicate fake accounts and SIM swap risk, Vietcombank enforces strict penalties related to mobile number information. Specifically, if the telecom operator confirms that the phone number registered for VCB Digibank no longer belongs to the customer, the bank will actively request verification. If the customer does not respond or visit a branch within 7 days, the service will be locked. After 14 days, the bank has full authority to completely cancel the VCB Digibank service. Additionally, dormant accounts with no login or transactions for 12 consecutive months will be subject to service termination after a 5-day prior notice. Audit rights and urgent security warnings In the context of rising high-tech crime, Vietcombank urges users not to disclose identification information on unfamiliar websites and not to share OTP codes or passwords with anyone, including bank staff. When abnormal signs such as loss of an OTP device, suspected hacking, or data leakage are detected, users should immediately change their password and call the hotline to block the account. Regarding remedies after an incident, customers have a 60-day window from the time the system processes the instruction to file a complaint. The bank is responsible for receiving, processing, and responding with a resolution within 30 business days.